Gentoo Archives: gentoo-commits

From: "Tobias Heinlein (keytoaster)" <keytoaster@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201407-05.xml
Date: Sun, 27 Jul 2014 22:49:46
Message-Id: 20140727224739.C51BA2004E@flycatcher.gentoo.org
keytoaster 14/07/27 22:47:39

Added: glsa-201407-05.xml
Log:
GLSA 201407-05

Revision Changes Path
1.1 xml/htdocs/security/en/glsa/glsa-201407-05.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201407-05.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201407-05.xml?rev=1.1&content-type=text/plain

Index: glsa-201407-05.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201407-05">
  <title>OpenSSL: Multiple vulnerabilities</title>
  <synopsis>Multiple vulnerabilities have been found in OpenSSL, possibly
    allowing remote attackers to execute arbitrary code.
  </synopsis>
  <product type="ebuild">openssl</product>
  <announced>July 27, 2014</announced>
  <revised>July 27, 2014: 1</revised>
  <bug>512506</bug>
  <access>remote</access>
  <affected>
    <package name="dev-libs/openssl" auto="yes" arch="*">
      <unaffected range="ge">1.0.1h-r1</unaffected>
      <unaffected range="rge">1.0.0m</unaffected>
      <unaffected range="rge">0.9.8z_p1</unaffected>
      <unaffected range="rge">0.9.8z_p2</unaffected>
      <unaffected range="rge">0.9.8z_p3</unaffected>
      <unaffected range="rge">0.9.8z_p4</unaffected>
      <unaffected range="rge">0.9.8z_p5</unaffected>
      <vulnerable range="lt">1.0.1h-r1</vulnerable>
    </package>
  </affected>
  <background>
    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
      purpose cryptography library.
    </p>
  </background>
  <description>
    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
      the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers
      referenced below for details.
    </p>
  </description>
  <impact type="high">
    <p>A remote attacker could send specially crafted DTLS fragments to an
      OpenSSL DTLS client or server to possibly execute arbitrary code with the
      privileges of the process using OpenSSL.
    </p>

    <p>Furthermore, an attacker could force the use of weak keying material in
      OpenSSL SSL/TLS clients and servers, inject data across sessions, or
      cause a Denial of Service via various vectors.
    </p>
  </impact>
  <workaround>
    <p>There is no known workaround at this time.</p>
  </workaround>
  <resolution>
    <p>All OpenSSL users should upgrade to the latest version:</p>

    <code>
      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.1h-r1"
    </code>

  </resolution>
  <references>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298">CVE-2010-5298</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195">CVE-2014-0195</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198">CVE-2014-0198</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221">CVE-2014-0221</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224">CVE-2014-0224</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470">CVE-2014-3470</uri>
    <uri link="http://www.openssl.org/news/secadv_20140605.txt">OpenSSL
      Security Advisory [05 Jun 2014]
    </uri>
  </references>
  <metadata tag="requester" timestamp="Fri, 06 Jun 2014 10:20:51 +0000">
    keytoaster
  </metadata>
  <metadata tag="submitter" timestamp="Sun, 27 Jul 2014 21:35:36 +0000">
    keytoaster
  </metadata>
</glsa>
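The `<affected>` block above is what decides whether an installed dev-libs/openssl is flagged by this advisory: a version is vulnerable if it falls into a `vulnerable` range and into none of the `unaffected` ranges, and the `rge` ("revision greater or equal") ranges only cover ebuilds that share the listed base version (1.0.0m, 1.0.0m-r1, ... but not 1.0.0n), which is why every 0.9.8z_p* level is enumerated separately. The following is an added example, not part of the advisory and not the glsa-check code from gentoolkit; it re-implements that range logic over the advisory's own `<affected>` fragment, with a version comparator that follows Gentoo's ordering (numeric components, trailing letter, `_alpha` &lt; `_beta` &lt; `_pre` &lt; `_rc` &lt; release &lt; `_p`, then `-rN`) and simplifies one PMS rule that does not matter for these versions (components with leading zeros are compared as integers). The sample versions fed to it are constructed for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET

# The <affected> fragment of GLSA 201407-05, copied from the advisory above.
GLSA_AFFECTED = """<affected>
<package name="dev-libs/openssl" auto="yes" arch="*">
<unaffected range="ge">1.0.1h-r1</unaffected>
<unaffected range="rge">1.0.0m</unaffected>
<unaffected range="rge">0.9.8z_p1</unaffected>
<unaffected range="rge">0.9.8z_p2</unaffected>
<unaffected range="rge">0.9.8z_p3</unaffected>
<unaffected range="rge">0.9.8z_p4</unaffected>
<unaffected range="rge">0.9.8z_p5</unaffected>
<vulnerable range="lt">1.0.1h-r1</vulnerable>
</package>
</affected>"""

# Gentoo version grammar: numbers, optional letter, optional suffixes, optional -rN.
_VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)([a-z])?((?:_(?:alpha|beta|pre|rc|p)\d*)*)(?:-r(\d+))?$"
)
_SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, "p": 1}


def version_key(version):
    """Sort key reproducing Gentoo version ordering.
    Simplification (assumption): numeric components are compared as plain
    integers; PMS's leading-zero rule is not needed for the versions here."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError("not a Gentoo version: %r" % version)
    numbers, letter, suffixes, revision = m.groups()
    nums = tuple(int(n) for n in numbers.split("."))
    suf = [(_SUFFIX_RANK[name], int(num or 0))
           for name, num in re.findall(r"_([a-z]+)(\d*)", suffixes)]
    suf.append((0, 0))  # sentinel: _alpha/_beta/_pre/_rc sort below release, _p above
    return (nums, letter or "", tuple(suf), int(revision or 0))


def base_version(version):
    """Version without its -rN revision; r* ranges only apply within one base."""
    return version.split("-r", 1)[0]


_OPS = {
    "lt": lambda a, b: a < b, "le": lambda a, b: a <= b, "eq": lambda a, b: a == b,
    "gt": lambda a, b: a > b, "ge": lambda a, b: a >= b,
}


def matches_range(installed, range_type, bound):
    """True if `installed` lies in a GLSA range such as ("lt", "1.0.1h-r1").
    A leading 'r' (rge, rlt, ...) restricts the match to the bound's base
    version, so "rge 1.0.0m" covers 1.0.0m-r2 but not 1.0.0n."""
    if range_type.startswith("r"):
        if base_version(installed) != base_version(bound):
            return False
        range_type = range_type[1:]
    return _OPS[range_type](version_key(installed), version_key(bound))


def is_vulnerable(affected_xml, installed):
    """GLSA semantics: inside some <vulnerable> range and outside every
    <unaffected> range. Note that a version the advisory does not list
    (1.0.0n, say) is reported vulnerable even if it postdates the fix."""
    pkg = ET.fromstring(affected_xml).find("package")
    hit = any(matches_range(installed, e.get("range"), e.text.strip())
              for e in pkg.findall("vulnerable"))
    safe = any(matches_range(installed, e.get("range"), e.text.strip())
               for e in pkg.findall("unaffected"))
    return hit and not safe


if __name__ == "__main__":
    # Constructed sample versions; pass your own on the command line.
    samples = sys.argv[1:] or ["1.0.1h", "1.0.1h-r1", "1.0.0m-r2", "1.0.0n",
                               "0.9.8z", "0.9.8z_p3"]
    for v in samples:
        print("%-12s %s" % (v, "VULNERABLE" if is_vulnerable(GLSA_AFFECTED, v) else "ok"))
```

Run it with the version reported by `qlist -Iv dev-libs/openssl` (or `equery list openssl`) to see how glsa-check would classify a host. The 1.0.0n case is the caveat worth remembering when reading GLSAs: because `rge` never crosses a base version, a later upstream release in a branch the advisory does not enumerate stays flagged until the GLSA is revised, so a "vulnerable" verdict for an unlisted version means "check the ebuild", not "exploitable".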